Tag: active

Active Directory Object LDAP Syntax

A typical day of an Active Directory administrator entails working within a tool, such as Active Directory Users and Computers (ADUC), Active Directory Sites and Services (ADSS), ADManager Plus, or ADAudit Plus. These tools mask the complexities that can be hidden behind most of the objects that you are working with.

2014 Security Year in Review

Whew! Thank goodness 2014 is over! Well, at least if you are considering the year’s security issues, attacks, leaks, and password issues. As a security and Windows Active Directory professional, I feel like I have earned the right and it is the appropriate time to say, “I told you so.” Let me put this into perspective, to prove my point.

2014 financial services firms – $20.8 million lost to breaches
2014 tech companies – $14.5 million lost to breaches
2014 communication providers – $12.7 million lost to breaches
eBay – 150 million user accounts compromised due to phishing attacks, users asked to change password immediately
Home Depot – 56 million credit cards compromised
US Post Office – 800,000 employees’ confidential data breached

Unfortunately, there are many, many more that could be listed

AD Admins: Are you prepared for the worst?

One of Aesop’s greatest fables, titled ‘The Ant and the Grasshopper’, teaches us a priceless lesson for life – it is best to be prepared for the future. While the grasshopper makes merry dancing and singing during summer, the ant diligently stashes away every bit of food it can save

Active Directory Delegation: It Does Not Need to Be Hard!

One of the most important and powerful reasons that organizations consider Active Directory is the fact that delegation is built into the product. Windows NT did not have delegation, unless you want to call membership in the Account Operators group delegation! Windows Active Directory provides a simple method, using the Delegate Control Wizard, to grant a group of users granular control over all or even just a subset of your Active Directory objects. For example, if you have a help desk that should have the ability to reset passwords for all users except for those in IT, you can delegate this permission to the OU that contains the non-IT employees

Safely Delegating Password Reset Capability in Active Directory

I have been preaching for years about how powerful Active Directory is in the ability to delegate control over certain tasks and certain objects in Active Directory. One of the most obvious delegations is giving one group of users the ability to reset passwords for a different group of users. There are a few issues using the Microsoft solution, and those issues can cause insecure settings, hard-to-report delegations, and access to AD that is hard to find and remove